On Thu, May 12, 2016 at 01:08:36AM +0000, isis wrote:
> Virgil Griffith transcribed 2.7K bytes:
> > Here's the line about unacceptability of crawling .onion:
> > "For example, it is not acceptable to run an HSDir, harvest onion addresses, and do a Web crawl of those onion services."
> > https://trac.torproject.org/projects/tor/wiki/org/meetings/2015SummerDevMeet...
> > So, this can indeed be an official policy. But it was the first I had heard of it. And currently at least 3-4 tor2web nodes in good-standing explicitly permit crawling of .onion .
> Hi Virgil, I think it's time we have another conversation, privately.
Perhaps, more explicitly, what we'd like to eliminate is people like you, Virgil.
This is harsh, but sadly quite true based on what we've heard and were told. I'm sorry it's taken this long - and required Isis saying something.
You've admitted publicly, in person, to several of our developers
We do not tolerate people within our community cooperating with any parties, including law enforcement and government agencies, to deanonymise real world users of the Tor network. Full stop.
We shouldn't, but it seems like we do. We've significantly improved monitoring the Tor network for malicious relays and encouraging directory authorities to reject them, but we're still struggling with how we handle people within our community who are potentially acting passively malicious. I hope we will act swiftly and decisively when we know a community member is actively acting malicious. That's to be determined, I suppose.
The easy and usually correct answer is "reject first and ask questions later". We started there but then stopped after some fruitful conversations. It's time we reassess this. However, that being said, it's difficult because we don't actually have a good method for kicking out a person from the community - if that is the chosen course of action. In addition, we don't have the resources available for mentoring or "rehabilitation" (or whatever that would be called), but still non-action is the worst possible default.
Your previous behaviours were absolutely abhorrent, unethical, unacceptable, and cowardly. They are now covered by the official ethical guidelines.
Virgil, I hope this is clearly understandable for you. If not, and for anyone else reading this thread, then to the best of our abilities, we should not and must not implicitly allow someone to actively harm Tor users. If you are an active participant in this community, then it is implicitly assumed you are not malicious. Any actions by you that are contrary to this are not acceptable.
Tor2web similarly should be killed with fire as being a blatant and disgusting workaround to the trust and expectations which onion service operators place in the network.
Personally, I have varying opinions about Tor2Web's use, but at this point I do not support it. Despite its inherent problems, I think it was a useful tool when it was initially designed and implemented. Now I believe it is actively harming (potential) Tor users. There is nothing we can do that will prevent people from using it, but the Tor2Web gateways are designed so they can easily be used instead of linking directly to an onion site. As a result, it provides websites with the privilege of both forcing the user to leak the onion service address to the Tor2Web gateway and (possibly) leaking the Tor user's IP address when they request the onion site, without the user's consent. If the Tor2Web gateways were not available then the user would either use Tor Browser or not visit the site - both are preferable to leaking the client's IP address to the Tor2Web gateway.
I don't know how we can undo the damage from this. I'm open to suggestions for it.
Essentially, as I see it, we must take a strong stance against people who are harming Tor users. I don't care if the users are using Tor in TAILS, Tor Browser, ricochet, or they're connecting via a Tor2Web-backed website - these are all Tor users. There's something to be said for malicious Tor users and creepy/sick/crazy Tor users who are hurting other people, but those are edge cases; they should be handled uniquely (and maybe not by the Tor community at all) without affecting the millions of people who use Tor for their own protection.
Thanks, Matt